IUB’s library portal defaced by Indian hackers

IT managers should upgrade CMS to avoid such embarrassments, says Zuberi.


Ammar Sheikh August 07, 2017
IT managers should upgrade CMS to avoid such embarrassments, says Zuberi. photo: express

LAHORE: The library portal of the Islamia University Bahawalpur (IUB) has been defaced by a hacker group claiming to be of Indian origin.

The portal has been hacked for days but the university administration is yet to take note of the defacement and restore the website. According to details, Sir Sadiq Muhammad Khan Library has a web portal which contains information about the available books in the library as well as has access to journals databases including HEC’s Pakistan Educational Research Network (PERN) project.

NSA hacked Pakistani mobile networks: WikiLeaks

The portal has yet to be restored by the university administration and is displaying a message by a group calling itself the Kerala Cyber Warriors. Links to other pages of the library have also been affected by the defacement and the whole portal is rendered useless. The portal has been down with the hacking message for as long as a month, while the university management has yet to take notice and restore it to its original state.

Talking to The Express Tribune, a digital security expert, Lahore Garrison University (LGU) Digital Forensic Research and Service Centre (DFRSC) Director Kaukab Jamal Zuberi explained defacement as, “control is gained over the website using a vulnerability in the content manage system (CMS) and then a file is uploaded to the website.

The hackers can then change or modify different components of the website. Data can also be harmed depending on the control gained by the hackers.”

Zuberi said in order to prevent this, organisations should periodically check and update their configurations and make sure their users’ data was secure. He suggested that the IT managers should routinely upgrade their CMS in order to avoid such embarrassments. He said that millions of websites were using WordPress as their CMS.

“Webmasters should maintain and update their website using the latest version of the CMS as vulnerabilities are often found in the older version of WordPress. In fact these vulnerabilities are very common and can easily be exploited,” he remarked.

Qatar accuses 'neighbours' over hacking that led to crisis

Answering a question, Zuberi said when a server was compromised, it poses risk that the users’ data or any other information, depending on the level of access gained by the attacker, could get into the wrong hands. He said that hackers could get access to sensitive information on the website and could also get to the database, which houses most of the essential information of the organisation.

“As our reliance increases on cyber space, organisations should hire specialised teams and provide their webmaster cyber security training to deal with security issues.

It is very important for the organisations in the current age and IT audits should also be held as these assets and those employed to look after it costs billions of rupees and these things are often overlooked,” he added.

IUB officials were contacted for comments but did not respond till the filing of this report.

Published in The Express Tribune, August 7th, 2017.

COMMENTS

Replying to X

Comments are moderated and generally will be posted if they are on-topic and not abusive.

For more information, please see our Comments FAQ